Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

SEPM offline - how will clients update when bought back online?

  • 1.  SEPM offline - how will clients update when bought back online?

    Posted Jun 26, 2013 09:19 AM

    Hi there everyone,

     

    Many time reader, first time poser of a question... I have a query around update content and delta updates.

     

    Due to some issues, my SEPMs (v12.1.2) have been offline and missed downloading new content every 4 hours. In the interim clients will have autonomously received updates from the Internet directly (and as such be on a later version of definition revision that the SEPM when it comes back online).

     

    My question - will the SEPM distribute the full.zip to these clients when it receives the first download itself, or will it be able to construct a delta update for those clients, based on what it had previously and what it will have after it's first download? I keep 90 content revisions, and will be around 3-5 revisions behind - last download 130624020.

    Many thanks!



  • 2.  RE: SEPM offline - how will clients update when bought back online?

    Posted Jun 26, 2013 09:22 AM

    You're only a few days out of date and with you keeping 90 revisions, it should be able to construct a delta and send the delta the clients instead of a full



  • 3.  RE: SEPM offline - how will clients update when bought back online?

    Posted Jun 26, 2013 09:28 AM

    There is a logic involved check this

    When will a client download a full definition set from a Symantec Endpoint Protection Manager or Group Update Provider?



  • 4.  RE: SEPM offline - how will clients update when bought back online?

    Posted Jun 26, 2013 09:37 AM

    Thanks Brian - That's kind of what I hoped, however it appears to be against what Rafeeq suggests - although the tech article link is for v11 specifically and clients assumed to be older. This will be newer clients. It would seem a little inefficient if they will download a full.zip, and also break my network since there are 1,000s of them... frown



  • 5.  RE: SEPM offline - how will clients update when bought back online?

    Posted Jun 26, 2013 09:49 AM

    90 revisions is roughly a months worth of definitions



  • 6.  RE: SEPM offline - how will clients update when bought back online?

    Posted Jun 26, 2013 09:53 AM

    You did mention that In the interim clients will have autonomously received updates from the Internet directly

    if they have received updates from Internet and are upto date. SEPM will only send updates if they are missing, if they already have the latest. it would not send any to them.



  • 7.  RE: SEPM offline - how will clients update when bought back online?

    Posted Jun 26, 2013 10:00 AM

    Yeah maybe I'm getting myself a little confused over this... So the following would be what will happen (?)

    .. Numbers used below are purely examples

     

    • Client has rev.003, SEPM is offline and the most recent revision it has is rev.001
    • SEPM is bought online
    • Client connects to SEPM, SEPM has nothing newer to offer immediately so offers nothing to client/nothing is downloaded
    • SEPM LU cycle runs and receives rev.004, but does not have rev.002 and rev.003 interim revisions
    • SEPM is capable of building delta between rev.003 (Client) and rev.004 (SEPM)
    • Delta to rev.004 is download to Client

     



  • 8.  RE: SEPM offline - how will clients update when bought back online?

    Posted Jun 26, 2013 10:01 AM

    OK - missed that message while typing the last...

     

    In which case, yes, the SEPM will have missed updates that the clients have...



  • 9.  RE: SEPM offline - how will clients update when bought back online?

    Posted Jun 26, 2013 10:02 AM

    The theory is that the SEPM will create a delta as long as it has in its repository the def that the client is using, and the latest defs.  It is only able to create a delta by looking at both, and comparing the differences.

    In other words, everything is fine if the clients and the SEPM are on the same defs, as everything afterwards will be updated using deltas.

    You only need to worry if a client is running a def revision that the SEPM has missed (while offline).

    Note: This assumes the SEPM doesn't download the defs its missed anyway.  I'd recommend checking the LiveUpdate Content Policy for the revisions it has in its repository to see if it does grab missed defs.



  • 10.  RE: SEPM offline - how will clients update when bought back online?

    Posted Jun 27, 2013 06:21 AM

    Hello,

    of course, the SEPM can't create a delta between 004 and 003 without having 003 too, hence a full.zip is sent.

    Find here some older JDB files to fill the gap in the SEPM:

    ftp://ftp.symantec.com/AVDEFS/symantec_antivirus_corp/jdb/

    http://www.symantec.com/business/support/index?page=content&id=TECH102607&locale=en_US



  • 11.  RE: SEPM offline - how will clients update when bought back online?

    Posted Jun 27, 2013 06:28 AM

    Hi Beppe - If this works I'm forever in your debt :) Much appreciatd. Would you suggest bringing the .JDB files in one-by-one in the standard manner - i.e. put them into the inbox, wait for the SEPM to update, add the next, etc...?



  • 12.  RE: SEPM offline - how will clients update when bought back online?

    Posted Jun 27, 2013 06:46 AM

    You are welcome!

    Yes, I would do it one-by-one. If it will end up that what is published in the public FTP site does not cover your gap, you need to contact our Technical Support to get older and/or specific JDB files.



  • 13.  RE: SEPM offline - how will clients update when bought back online?

    Posted Jun 27, 2013 07:02 AM

    Looking at the available FTP downloads, it should cover exactly the gap we need...

    We will change the Apache webserver port to prevent clients from downloading content directly from the SEPM in the interim until all the definitions are up-to-date again, then bring back onto 8014.

    I shall put an update on here tomorrow with the result.

    Again - much appreciated for your response!



  • 14.  RE: SEPM offline - how will clients update when bought back online?

    Broadcom Employee
    Posted Jun 27, 2013 07:30 AM

    Hi,

    Thank you for posting in Symantec community.

    A client will download a full definition any time its SEPM is not able to build a delta for the content it is requesting. In order for the SEPM to be able to build a delta, the following conditions must be met:
     
    The SEPM must have a copy of the definition revision that the client is currently at.
    The SEPM must have a copy of the content being requested by the client.
    If both conditions are met, then the SEPM will build a delta for the requested content.
     
    In most cases, if a client is requesting a full.zip, it is because its definitions are farther out of date than the number of content revisions being kept on the SEPM. If a client is requesting a full.zip because of this condition, the product is working as designed.
     
     


  • 15.  RE: SEPM offline - how will clients update when bought back online?
    Best Answer

    Posted Jul 01, 2013 10:31 AM

    Hello,

    did it work? If yes, remember to flag this discussion as resolved!



  • 16.  RE: SEPM offline - how will clients update when bought back online?

    Posted Jul 02, 2013 06:15 AM

    Yes - brilliant thanks... We imported all the missing content last night (around 13 JDBs worth), and the SEPM is happilly creating deltas today :D



  • 17.  RE: SEPM offline - how will clients update when bought back online?

    Posted Jul 02, 2013 07:57 AM

    OK so what was the solution?? please mark the right one



  • 18.  RE: SEPM offline - how will clients update when bought back online?

    Posted Jul 02, 2013 08:03 AM

    I checked off Beppe's last response... To download the JDB files for the missing content. Without that, would have been full.zips all the way.

    All advise has been much appreciated though, I've been really impressed with the responses on the KB